Buenos Aires, Argentina
Remote DoS attack against SSH Secure Shell for Windows Servers
USSR Advisory Code:
Luciano Martins <firstname.lastname@example.org>
SSH Secure Shell for Windows Server 2.4
SSH Secure Shell for Windows Server 2.5 available soon
SSH Communications Security Corp
UssrLabs has recently discovered a problem with Windows versions
The problem lies with adjacent connection handling where the sshd
unable to handle 64 simulataneous connections. As a result the
crash, and no services to the sshd will be accepted.
The problem lies in ssheloop.c where the assertion test fails.
The Event Log displays the following code after 64 connections
FATAL ERROR: E:\src\lib\sshutil\ssheloop\win32\ssheloop.c:1597
(function name unavailable) Assertion failed:
ssh_adt_num_objects(ssh_eloop_events) < 64
No doubt, proper error handling techniques have not been implemented
the SshEventLoop which ultimately causes the crash.
This results in a Denial of Service against the service in question.
2. Vendor Status:
official fix will be available soon.
Underground Security Systems Research:
USSR is an emerging security company based in South America.
We are devoted to network security research, vulnerability research,
and software protection systems. One of the main objectives of
is to develop and implement cutting edge security and protection
that cater to an evolving market.
We believe that the way we implement security solutions can make
difference. CrunchSP is an example, providing a solution to software
piracy. Our solutions such as CrunchSP are devoted to protecting
On a daily basis, we research, develop, discover and report
vulnerability information. We make this information freely available
via public forums such as BugTraq, and our advisory board located
The USSR is a highly skilled, experienced team. Many USSR
programmers, as well as programmers of partners and affiliates,
seasoned professionals, with 12 or more years of industry experience.
knowledge base of numerous computer applications as well as many
low level programming languages makes USSRback a diverse team
prepared to serve the needs of any customer.
USSR has assembled some of the world's greatest software developers
and security consultants to provide our customers with a wide
of enterprise level services. These services include:
* Network Penetration Testing
* Security Application development
* Application Security Testing and Certification
* Security Implementations
* Emergency Response Team
* Virtual Private Networking
* Intrusion Detection
* Support and maintenance
For more information, please contact us via email at
Copyright (c) 1999-2000 Underground Security Systems Research.
Permission is hereby granted for the redistribution of this alert
electronically. It is not to be edited in any way without explicit
consent of USSR. If you wish to reprint whole or any part of this
alert in any other medium excluding electronic medium, please
email@example.com for permission.
The information within this paper may change without notice. We
not be held responsible for the use and/or potential effects of
programs or advisories. Use them and read them at your own risk
not at all. You solely are responsible for this judgment.
If you have any questions, comments, concerns, updates, or
suggestions please feel free to send them to:
Underground Security Systems Research